Enterprise Mobility for Every Business and Every Device

Earlier today in San Francisco, Satya spoke about the wide-ranging work Microsoft is doing to deliver a cloud for everyone and every device. Satya’s remarks certainly covered a lot of ground – including big announcements about the availability of Office on the iPad, as well as the release of what we call the Microsoft Enterprise Mobility Suite.

Regarding the Enterprise Mobility Suite (EMS), I want to share some additional details about the upcoming general availability of Azure Active Directory Premium, as well as our latest updates to Windows Intune.

If you haven’t had a chance to read this morning’s post from Satya, I really recommend checking it out here. In the post, Satya talks about the focus of our company being “Mobile First – Cloud First.” I love this focus! The mobile devices that we all use every day (and, honestly, could not live without) were built to consume the cloud, and the cloud is what enables these devices to become such a critical and thoroughly integrated part of our lives.

For years I have emphasized that, as we architect the solutions that help organizations embrace the devices their users want to bring into work (i.e. BYOD), the cloud should be at the core of how we enable this. As I have worked across the industry with numerous customers, it is clear that embracing a cloud-based infrastructure for Enterprise Mobility has become the go-to choice for forward-looking organizations around the world who want to maximize their Enterprise Mobility capabilities.

Enterprise Mobility is a big topic – so big, in fact, that it extends beyond mobile device management (MDM) and the need to address BYOD. Now Enterprise Mobility stretches all the way to how to best handle new applications and services (SaaS) coming into the organization. Enterprise Mobility also has to address data protection at the device level, at the app level, and at the data level (via technologies like Rights Management).

With these challenges in mind, we have assembled the EMS to help our customers supercharge their Enterprise Mobility capabilities with the latest cloud services across MDM, MAM, identity/access management, and information protection.

On one point I do want to be very specific: The EMS is the most comprehensive and complete platform for organizations to embrace these mobility and cloud trends. Looking across the industry, other offerings feature only disconnected pieces of what is needed. When you examine what Microsoft has built and what we are delivering, EMS is simply the only solution that has combined all of the capabilities needed to fully enable users in this new, mobile, cloud-enabled world.

Additionally, with Office now available on iPad, and cloud-based MDM from Intune, over time we will deliver integrated management capabilities for Office apps across the mobile platforms.

The capabilities packaged in the EMS are a giant step beyond simple MDM. The EMS is a people-first approach to identity, devices, apps, and data – and it allows you to actively build upon what you already have in place while proactively empowering your workforce well into the future.

Cloud-based Identity & Access Management

Azure Active Directory (AAD) is a comprehensive, cloud-based identity/access management solution which includes core directory services that already support some of the largest cloud services (including Office 365) with billions of authentications every week. AAD acts as your identity hub in the cloud for single sign-on to Office 365 and hundreds of other cloud services.

Azure AD Premium builds on AAD’s functionality and gives IT a powerful set of capabilities to manage identities and access to the SaaS applications that end-users need.

Azure AD Premium is packed with features that save IT teams time and money, for example:

It delivers group management and self-service password reset – dramatically cutting the time/cost of helpdesk calls.

It provides pre-configured single sign on to more than 1,000 popular SaaS applications so IT can easily manage access for users with one set of credentials.

To improve visibility for IT and security, it includes security reporting to identify and block threats (e.g. anomalous logins) and require multi-factor authentication for users when these abnormalities are detected.

The Azure AD Premium service will be generally available in April. For more info, check out this new post from the Azure team.

Cloud-delivered MDM

Windows Intune is our cloud-based MDM and PC management solution that helps IT enable their employees to be productive on the devices they love.

Since its launch we have regularly delivered updates to this service at a cloud cadence. In October 2013 and January 2014 we added new capabilities like e-mail profile management for iOS, selective wipe, iOS 7 data protection configuration, and remote lock and password reset.

Following up on these new features, in April we will also be adding more Android device management with support for the Samsung KNOX platform, as well as support for the upcoming update to Windows Phone.

Data Protection from the Cloud

This service is already available today as part of Office 365, and we recently added extended capability for existing on-prem deployments. Azure RMS now supports the connection to on-prem Exchange, SharePoint, and Windows Servers.

In addition to these updates, Azure RMS also offers customers the option to bring their own key to the service, as well as access to logging information by enabling access policy to be embedded into the actual documents being shared. When a document is being shared in this manner, the user’s access rights to the document are validated each time the document is opened. If an employee leaves an organization or if a document is accidentally sent to the wrong individual, the company’s data is protected because there is no way for the recipient to open the file.

Cost Effective Licensing

Now with these three cloud services brought together in the EMS, Microsoft has made it easy and cost effective to acquire the full set of capabilities necessary to manage today’s (and the future’s) enterprise mobility challenges.

As we have built the Enterprise Mobility Suite we also have thought deeply about the need to really simplify how EMS is licensed and acquired. With this in mind, EMS is licensed on a per-user basis. This means that you spend less time worrying about the number of devices in use, or implementing policies that will limit the types of devices that can be used.

The Enterprise Mobility Suite offers more capabilities for enabling BYO and SaaS than anyone in the market – and at a fraction of the cost charged elsewhere in the industry.

* * *

This is a major opportunity for IT organizations to take huge leaps forward in their mobility strategy and execution, and Microsoft is committed to supporting every element of this cloud-based, device-based, mobility-centric transformation.

There is so much we want to tell you about the Enterprise Mobility Suite and the innovations we are delivering here. This will be a big topic for us at TechEd North America and it will be a big part of the keynote on May 12. See you there!
